Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X
12.07.2015 Views
Share Embed Flag

Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X

Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X

Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
  • No tags were found...
reverse.put.as

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

<strong>Mac</strong> <strong>OS</strong> X Kernel <strong>Rootkits</strong>• Most <strong>Mac</strong> <strong>OS</strong> X Kernel <strong>Rootkits</strong> do traditionalUnix-style syscall filtering• They load as kernel extensions and removethemselves from kmod list– WeaponX, <strong>Mac</strong> Hacker’s Handbook, Phrack 66– Hides the kernel extension and prevents removal• Alternatively, code can be directly loaded intokernel via vm_allocate(), and vm_write()• In both cases, we have an unauthorized <strong>Mac</strong>h-Oobject file in the kernel44

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!